Merge branch 'master' into topic/jsiwek/broxygen

Conflicts: testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
2025-10-09 18:18:19 +00:00 · 2013-10-30 16:20:48 -05:00 · 2013-10-30 16:20:48 -05:00 · b38efa58d0
commit b38efa58d0
parent 3a99aaaf0a 49f31acebe
117 changed files with 1171 additions and 742 deletions
--- a/testing/btest/Baseline/bifs.identify_data/out
+++ b/testing/btest/Baseline/bifs.identify_data/out
@ -1,4 +1,4 @@
 ASCII text, with no line terminators
-text/plain; charset=us-ascii
-PNG image
-image/png; charset=binary
+text/plain
+PNG image data
+image/png
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@ -3,28 +3,28 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-49
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331889.617206	-	ip or not ip	T	T
-#close	2013-08-12-18-24-49
+1382640829.338079	bro	ip or not ip	T	T
+#close	2013-10-24-18-53-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-49
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331889.904944	-	port 42	T	T
-#close	2013-08-12-18-24-49
+1382640829.495639	bro	port 42	T	T
+#close	2013-10-24-18-53-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-50
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331890.192875	-	(vlan) and (ip or not ip)	T	T
-#close	2013-08-12-18-24-50
+1382640829.653368	bro	(vlan) and (ip or not ip)	T	T
+#close	2013-10-24-18-53-49
--- a/testing/btest/Baseline/coverage.init-default/missing_loads
+++ b/testing/btest/Baseline/coverage.init-default/missing_loads
@ -4,4 +4,5 @@
 -./frameworks/cluster/setup-connections.bro
 -./frameworks/intel/cluster.bro
 -./frameworks/notice/cluster.bro
+-./frameworks/packet-filter/cluster.bro
 -./frameworks/sumstats/cluster.bro
--- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output
+++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_connection_record_02_bro@2/output
@ -1,9 +1,8 @@
 # @TEST-EXEC: cat %INPUT >output && btest-diff output

-connection_record_02.bro
+connection_record_01.bro

@load base/protocols/conn
-@load base/protocols/dns

 event connection_state_remove(c: connection)
    {
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro/output
@ -27,10 +27,10 @@ export {
 	                         /application\/jar/ |
 	                         /video\/mp4/ &redef;

-	## The malware hash registry runs each malware sample through several A/V engines.
-	## Team Cymru returns a percentage to indicate how many A/V engines flagged the
-	## sample as malicious. This threshold allows you to require a minimum detection
-	## rate.
+	## The malware hash registry runs each malware sample through several
+	## A/V engines.  Team Cymru returns a percentage to indicate how
+	## many A/V engines flagged the sample as malicious. This threshold
+	## allows you to require a minimum detection rate.
 	const notice_threshold = 10 &redef;
 }

--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_frameworks_files_detect-MHR_bro@3/output
@ -18,9 +18,9 @@ export {
 	                         /application\/jar/ |
 	                         /video\/mp4/ &redef;

-	## The malware hash registry runs each malware sample through several A/V engines.
-	## Team Cymru returns a percentage to indicate how many A/V engines flagged the
-	## sample as malicious. This threshold allows you to require a minimum detection
-	## rate.
+	## The malware hash registry runs each malware sample through several
+	## A/V engines.  Team Cymru returns a percentage to indicate how
+	## many A/V engines flagged the sample as malicious. This threshold
+	## allows you to require a minimum detection rate.
 	const notice_threshold = 10 &redef;
 }
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
@ -14,8 +14,8 @@ module SSH;

 export {
 	redef enum Notice::Type += {
-		## Generated if a login originates or responds with a host where the 
-		## reverse hostname lookup resolves to a name matched by the 
+		## Generated if a login originates or responds with a host where
+		## the reverse hostname lookup resolves to a name matched by the
 		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};
--- a/testing/btest/Baseline/language.named-record-ctors/out
+++ b/testing/btest/Baseline/language.named-record-ctors/out
@ -1,2 +1,9 @@
 [min=<uninitialized>, max=2]
 [min=7, max=42]
+[aaa=1, bbb=test, ccc=<uninitialized>, ddd=default]
+{
+[Java] = {
+[min=<uninitialized>, max=[major=1, minor=6, minor2=0, minor3=44, addl=<uninitialized>]],
+[min=[major=1, minor=7, minor2=<uninitialized>, minor3=<uninitialized>, addl=<uninitialized>], max=[major=1, minor=7, minor2=0, minor3=20, addl=<uninitialized>]]
+}
+}
--- a/testing/btest/bifs/identify_data.bro
+++ b/testing/btest/bifs/identify_data.bro
@ -1,5 +1,5 @@
-#
-# @TEST-EXEC: bro -b %INPUT | sed 's/PNG image data/PNG image/g' >out
+# Text encodings may vary with libmagic version so don't test that part.
+# @TEST-EXEC: bro -b %INPUT | sed 's/; charset=.*//g' >out
 # @TEST-EXEC: btest-diff out

 event bro_init()
--- a/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest
+++ b/testing/btest/doc/sphinx/include-doc_scripting_connection_record_02_bro@2.btest
@ -1,9 +1,8 @@
 # @TEST-EXEC: cat %INPUT >output && btest-diff output

-connection_record_02.bro
+connection_record_01.bro

@load base/protocols/conn
-@load base/protocols/dns

 event connection_state_remove(c: connection)
    {
--- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro.btest
@ -27,10 +27,10 @@ export {
 	                         /application\/jar/ |
 	                         /video\/mp4/ &redef;

-	## The malware hash registry runs each malware sample through several A/V engines.
-	## Team Cymru returns a percentage to indicate how many A/V engines flagged the
-	## sample as malicious. This threshold allows you to require a minimum detection
-	## rate.
+	## The malware hash registry runs each malware sample through several
+	## A/V engines.  Team Cymru returns a percentage to indicate how
+	## many A/V engines flagged the sample as malicious. This threshold
+	## allows you to require a minimum detection rate.
 	const notice_threshold = 10 &redef;
 }

--- a/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_frameworks_files_detect-MHR_bro@3.btest
@ -18,9 +18,9 @@ export {
 	                         /application\/jar/ |
 	                         /video\/mp4/ &redef;

-	## The malware hash registry runs each malware sample through several A/V engines.
-	## Team Cymru returns a percentage to indicate how many A/V engines flagged the
-	## sample as malicious. This threshold allows you to require a minimum detection
-	## rate.
+	## The malware hash registry runs each malware sample through several
+	## A/V engines.  Team Cymru returns a percentage to indicate how
+	## many A/V engines flagged the sample as malicious. This threshold
+	## allows you to require a minimum detection rate.
 	const notice_threshold = 10 &redef;
 }
--- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
@ -14,8 +14,8 @@ module SSH;

 export {
 	redef enum Notice::Type += {
-		## Generated if a login originates or responds with a host where the 
-		## reverse hostname lookup resolves to a name matched by the 
+		## Generated if a login originates or responds with a host where
+		## the reverse hostname lookup resolves to a name matched by the
 		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};
--- a/testing/btest/language/named-record-ctors.bro
+++ b/testing/btest/language/named-record-ctors.bro
@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: bro -b frameworks/software/vulnerable %INPUT >out
 # @TEST-EXEC: btest-diff out

 type MyRec: record {
@ -6,7 +6,32 @@ type MyRec: record {
 	max: count;
 };

+type Bar: record {
+    aaa: count;
+    bbb: string &optional;
+    ccc: string &optional;
+    ddd: string &default="default";
+};
+
+const java_1_6_vuln = Software::VulnerableVersionRange(
+	$max = Software::Version($major = 1, $minor = 6, $minor2 = 0, $minor3 = 44)
+);
+
+const java_1_7_vuln = Software::VulnerableVersionRange(
+	$min = Software::Version($major = 1, $minor = 7),
+	$max = Software::Version($major = 1, $minor = 7, $minor2 = 0, $minor3 = 20)
+);
+
+redef Software::vulnerable_versions += {
+	["Java"] = set(java_1_6_vuln, java_1_7_vuln)
+};
+
 local myrec: MyRec = MyRec($max=2);
 print myrec;
 myrec = MyRec($min=7, $max=42);
 print myrec;
+
+local data = Bar($aaa=1, $bbb="test");
+print data;
+
+print Software::vulnerable_versions;